Hello Ariela,

> But that's just my opinion, so I'd like to hear some feedback about it before
> I decide if it's worth submitting to the coop now, or ever.
>
> The project uses nng[1] for communication (I made some rudimentary bindings to
> the bare minimum), protobuf for serialization and tweetnacl for encryption.
> Now, I'm FAR from an expert on communication, security, or even concurrency,
> so there's probably a lot to pick on :)

0. Funny how history repeats itself with the actor model and Scheme:
   <https://en.wikipedia.org/wiki/History_of_the_Scheme_programming_language#Carl_Hewitt,_the_Actor_model,_and_the_birth_of_Scheme>

1. Why Protobuf? Why in combination with JSON? Why not just JSON? Or just
   Protobuf, but consider it's been designed for the cases where JSON is too
   expensive to use, so not for this project I guess...

2. Cool that you use tweetnacl for encryption, but please don't use random
   numbers for nonces, that's just wrong. Nonces are not supposed to be secret,
   random or unpredictable, but unique numbers that do not repeat. Random
   numbers do repeat eventually. If a nonce repeats, this allows certain
   cryptographical attacks to be performed on the corresponding ciphertexts.

Vasilij
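
Added example, not part of the original email or of the project's code: a counter-based nonce of the kind point 2 asks for, sized for tweetnacl's 24-byte nonces, with a receiver-side check that rejects a repeated nonce. The struct and function names, the 16-byte prefix layout, a fresh key per session and in-order delivery are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_BYTES 24  /* crypto_box_NONCEBYTES and crypto_secretbox_NONCEBYTES */
#define PREFIX_BYTES 16 /* assumed layout: 16-byte sender/session id + 64-bit counter */

/* Hypothetical sender state: one per (key, direction). Assumes the key is
 * fresh for each session; otherwise `next` must be persisted across restarts. */
struct nonce_tx { uint8_t prefix[PREFIX_BYTES]; uint64_t next; };
/* Hypothetical receiver state for the same (key, direction). */
struct nonce_rx { uint8_t prefix[PREFIX_BYTES]; uint64_t last; int seen; };

/* Fill `out` with a nonce never issued before from this state.
 * Returns 0, or -1 when the counter is exhausted and the key must be replaced. */
int nonce_next(struct nonce_tx *t, uint8_t out[NONCE_BYTES])
{
    if (t->next == UINT64_MAX) return -1;
    memcpy(out, t->prefix, PREFIX_BYTES);
    for (int i = 0; i < 8; i++) /* big-endian counter in the last 8 bytes */
        out[PREFIX_BYTES + i] = (uint8_t)(t->next >> (56 - 8 * i));
    t->next++;
    return 0;
}

/* Accept a nonce only if it has the peer's prefix and a counter strictly above
 * the last accepted one (assumes in-order delivery). Call it after the message
 * has authenticated, so forged packets cannot advance the state. */
int nonce_accept(struct nonce_rx *r, const uint8_t n[NONCE_BYTES])
{
    uint64_t v = 0;
    if (memcmp(n, r->prefix, PREFIX_BYTES) != 0) return -1;
    for (int i = 0; i < 8; i++)
        v = (v << 8) | n[PREFIX_BYTES + i];
    if (r->seen && v <= r->last) return -1; /* repeated or stale nonce */
    r->last = v;
    r->seen = 1;
    return 0;
}

int main(void)
{
    struct nonce_tx tx = { .prefix = { 0xA1 } }; /* constructed session id */
    struct nonce_rx rx = { .prefix = { 0xA1 } };
    uint8_t n[NONCE_BYTES];
    int issued = nonce_next(&tx, n);
    int first = nonce_accept(&rx, n), replay = nonce_accept(&rx, n);
    printf("issued=%d first=%d replay=%d\n", issued, first, replay);
    return 0;
}
```

The buffer filled by `nonce_next` is what would be passed as the nonce argument to `crypto_box` or `crypto_secretbox`; the nonce travels in the clear next to the ciphertext.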